Devices

ABSTRACT

An access device includes means for receiving, via a wireless communication link, a key and validity information. The access device also includes wireless communication means for establishing a connection with another party, and for providing the key and validity information to that party. If the key and validity information are determined by the other party to be valid access is provided.

[0001] The present invention relates to a device and in particular butnot exclusively to a device which provides access to an entity.

[0002] Wireless cellular networks are known in which the area covered bythe network is divided into a number of cells. Each cell is served by abase transceiver station. The base transceiver station is arranged tocommunicate with mobile stations in the cell associated with the basestation. The mobile stations establish via the base station a connectionwith another user, a fixed line telephone or the Internet.

[0003] Programmable keys are known. For example, plastic cards withmagnetic strips are used as keys to open locks to for example doors orthe like. The use of such keys is disadvantageous in that different keysare provided to access different entities and therefore need to becarried by the user.

[0004] It has been proposed to allow multiple users access to the sameentity. For example, a front door to an office may be accessed by anumber of users or a hotel room may be accessed by different users atdifferent times. It is necessary for the accessed entity to have adatabase or similar to keep a record of the authorised users. It isdisadvantageous if a database or similar needs to be associated with theaccessed entity. For example, in a hotel, to have a database associatedwith each lock would be costly.

[0005] It is an aim of embodiments of the present invention to addressone or more of the problems discussed earlier.

[0006] According to a first aspect of the present invention there isprovided an access device comprising means for receiving a key andvalidity information, wireless communication means for establishing aconnection with another party, said wireless communication means beingarranged to provide said key and said validity information to saidanother party, wherein if said key and said validity information aredetermined by the another party to be valid access is provided.

[0007] According to a second aspect of the present invention there isprovided an access method comprising the steps of receiving a key andvalidity information, establishing a wireless connection with anotherparty, providing said key and said time related information to saidanother party, and checking at said another party if said key and saidtime related information are valid and if so providing access.

[0008] For a better understanding of the present invention and as to howthe same may be carried into effect, reference will now be made by wayof example to the accompanying drawings in which:

[0009]FIG. 1 shows a schematic diagram of a cellular network;

[0010]FIG. 2 shows a block diagram of a mobile station embodying thepresent invention;

[0011]FIG. 3 shows a block diagram of the entities with which the mobilestation communicates;

[0012]FIG. 4 shows the Bluetooth device of FIG. 3 in more detail; and

[0013]FIG. 5 illustrates the method embodying the present invention.

[0014] Reference is made to FIG. 1 which shows a cellular network 2. Thearea covered by the network 2 is divided into a plurality of cells 4.Three cells 4 are shown in FIG. 1. However, it should be appreciatedthat in networks there will typically be many more cells.

[0015] Each cell 4 has associated therewith a base transceiver station6. Each base transceiver station 6 is arranged to receive signals fromand send signals to mobile stations 8 in the cell associated with thebase station 6. Depending on the method of communication, the mobilestations may communicate with the base stations of adjacent cells. Insome embodiments of the present invention, a mobile station may be ableto communicate with two or more base stations at the same time.

[0016] The mobile stations and base transceiver stations typically useradio frequency signals to communicate. The base stations and mobilestations may use a frequency division multiple access technique. Thismeans that the available frequency spectrum is divided up into a numberof bands and the mobile station will be allocated a given frequency tocommunicate with the base station with the base station being allocatedanother frequency to communicate with the mobile station. Generally, thefrequencies will be different but this is not essential. The mobilestations and the base stations may use a time division multiple accesstechnique. With this method, a frequency band is divided up into anumber of time slots and a mobile station is allocated a given one ofthose time slots to communicate with the base station and vice versa. Inthe GSM (global system for mobile communication) standard, a combinationof frequency division multiple access and time division multiple accessis used. Spread spectrum techniques such as code division multipleaccess may also be used. In this technique, different spreading codesare used by different mobile stations so that the signals from thedifferent mobile stations can be distinguished. Similarly, the differentbase stations will use different spreading codes. In the thirdgeneration system, a wideband CDMA system has been proposed. It shouldbe appreciated that in embodiments of the present invention, any ofthese techniques may be used either on their own or together. It is ofcourse possible that any other suitable techniques may be used.

[0017] Reference is now made to FIG. 2 which shows a block diagram of amobile station embodying the present invention. The mobile station 8 hasa first antenna 10. The first antenna 10 is arranged to receive signalsfrom the respective base transceiver station 6. The first antenna 10 isalso arranged to transmit signals to the base station 6.

[0018] The signals received by the first antenna 10 are forwarded to aradio frequency transceiver 12. The radio frequency transceiver 12 willdown convert the radio frequency signals to a baseband frequency. Theradio frequency transceiver may perform other functions such asdecoding, demodulation or the like. The received information at thebaseband frequency is forwarded by the radio frequency transceiver 12 toa processor 14 which extracts the necessary information from thereceived signal. The processor 14 may be arranged to provide an outputwhich is connected to a speaker which may provide received voicesignals. The processor 14 may receive control information from the basestation which is used to control the mobile station or the like. Theprocessor 14 may also extract information which is to be displayed anddisplay that information on a display 16. The processor may also receivean input from a user interface such as a keyboard or the like.

[0019] The processor 14 is also used to process signals to betransmitted by the first antenna 10 and may also receive an output fromfor example a microphone or the like. The signals which are to betransmitted by the first antenna are output by the processor 14 at thebaseband frequency. The radio frequency transceiver 12 upconverts thebaseband signals to the radio frequency and forwards them to the firstantenna 10 for transmission. The radio frequency transceiver may encodethe information, modulate it or carry out any other processing of thesignal.

[0020] The radio frequency transceiver 12 may be connected to a memory18. The memory 18 is arranged to store some information received by theradio frequency transceiver. In alternative embodiments of the presentinvention, the memory may be connected to the processor 14 and so mayreceive information via the processor.

[0021] The mobile station 8 has a second antenna 20. The second antennais arranged to receive and transmit signals in the Bluetooth range offrequencies. Bluetooth is a standard which has been proposed for shortrange, low power, high frequency signals. Typically, the signals will beof the order of giga Hertz. The second antenna 20 is arranged to receiveBluetooth signals from a Bluetooth device. The signals received by thesecond antenna are forwarded to a Bluetooth transceiver 22. TheBluetooth transceiver 22 performs similar functions to the radiofrequency transceiver 12. In particular, the Bluetooth transceiver 22downconverts the received signals to a baseband frequency. If required,the Bluetooth transceiver may demodulate and decode the received signal.The received signals may be forwarded to the processor 14 for furtherprocessing.

[0022] The Bluetooth transceiver 22 is also arranged to receiveinformation from the processor 14. The received information is at thebaseband frequency and the Bluetooth transceiver upconverts the signalsto the Bluetooth frequency so that they can be transmitted by the secondantenna. If required, the Bluetooth transceiver 22 will modulate, encodeand perform any other required function.

[0023] The Bluetooth transceiver 22 is arranged to have access to thememory 18 and can retrieve information stored therein. In alternativeembodiments of the present invention, the information may be retrievedby the processor from the memory and forwarded to the Bluetoothtransceiver 22.

[0024] Reference will now be made to FIG. 3 which schematicallyillustrates embodiments of the present invention. The mobile station 8is arranged to have a Bluetooth connection with a Bluetooth device 24.This means that signals are exchanged between the mobile device and theBluetooth device in accordance with the Bluetooth standard. With theBluetooth standard, two devices are able to communicate directly withoutgoing via for example a base station.

[0025] In embodiments of the present invention, it is proposed that theBluetooth device be a lock or an access device. For example, theBluetooth device may be provided on a hotel door. The Bluetooth devicemay be part of an access device. For example, the access device 24 maypermit access to a cinema, public transport, a ski lift or the like.Alternatively, the Bluetooth device may for example be incorporated in arental car or the like. Embodiments of the present invention areparticularly suitable for allowing access to a given user temporarily.However, embodiments of the present invention can be used in othersituations.

[0026] The communications between the mobile device and the Bluetoothdevice 24 are via the second antenna 20 of the mobile station 8.

[0027] Reference is made to FIG. 4 which shows the Bluetooth device 24of FIG. 3 in more detail. The Bluetooth device 24 has an antenna 26.This antenna 26 is arranged to receive and transmit signals at theBluetooth frequency. More particularly, the antenna 26 is arranged totransmit signals to the second antenna of the mobile station and toreceive signals therefrom. The Bluetooth device has an upconverter 28.The upconverter 28 is arranged to upconvert signals from a basebandfrequency to the Bluetooth frequency for transmission by the antenna 26.The upconverter 28 may carry out other functions such as modulation,encoding or any other suitable function.

[0028] The signals which are received by the antenna 26 are processed bya downconverter 30 which reduces the frequency of the received signalsfrom the Bluetooth frequency to the baseband frequency. Again, thedownconverter 30 may perform other functions such as demodulation ordecoding.

[0029] The signals which are received by the antenna 26 and downconverted by the downconverter 30 are output to a processor 32 which isable to process the received signals further. Likewise, the processor 32is arranged to output those signals which are to be transmitted to theupconverter 28. The Bluetooth device 24 also has a memory 34 which isused to store information. This will be described in more detailhereinafter.

[0030] Referring back to FIG. 3, the mobile station is also able tocommunicate with the base transceiver station 6 using the first antenna10. The base transceiver station provides a connection to other elementsof a network 36. The network 36 is connected to a gateway element 38which, usually is part of the network 36. The gateway element 38 allowsthe network to be connected to an external entity, such as anothernetwork, the Internet or a server 40 of a service provider.

[0031] Reference will now be made to FIG. 5 which shows a flow diagramof the steps of the method embodying the present invention andillustrates how embodiments of the present invention work. The mobilestation 8 is arranged in step S1 to establish a connection with thenetwork 36 via the base transceiver station 10. In the embodimentdescribed, the mobile station is a WAP (wireless application protocol)mobile station. However, it should be appreciated that the mobile devicemay be in accordance with any other protocol and may for example be ableto use the short message servicing SMS feature in embodiments of theinvention. The network is also arranged to establish via the gateway 38a connection with a server. This server 40 is associated with theservice provider. For example, if embodiments of the present inventionare to be used to allow access to hotel rooms, then the server 40 wouldbe associated with the hotel. As an alternative the mobile station 8could also access the server provider via a Bluetooth transceiverconnected to the server. In this way the mobile station can get the keyover the Bluetooth connection without the need for network connection.Cost would also be reduced. If however an order for a service(forexample a hotel room) was made in advance the key could be obtainedremotely via the base transceiver station 10 using WAP or SMS.

[0032] In the second step S2, the server 40 provides the mobile stationwith key information and additional information. For example, in thecontext of a hotel, the additional information could take the form ofthe hotel room. In this particular embodiment, the key and additionalinformation are downloaded to the mobile station in the same call wherethe mobile station establishes the connection.

[0033] However, in alternative embodiments of the present invention, itis possible that the mobile station in step 1 establish a WAP connectionand provides an indication to the server as to the particular servicerequired. The server may then cause the mobile station to be called backwith the required key and additional information.

[0034] The key information which is sent to the mobile station isusually encrypted. The whole of the key may be encrypted or only part ofthe key may be encrypted. In alternative embodiments of the presentinvention, the key may not be encrypted. If the key is encrypted, themobile station may be able to decrypt all or part of the keyinformation. However, in preferred embodiments of the present invention,the mobile station is not able to decrypt the key information. Theadditional information which is sent to the mobile station may also beencrypted but this is not necessary. Where this additional informationis encrypted, the mobile station will usually be able to decrypt thatinformation. For example, if the additional information relates to aroom key, the user will need to know which hotel room the user isallowed access to. This additional information may be communicated tothe user. For example, the information may be displayed on the displayor may take the form of a voice message. Once the additional informationhas been received by the mobile station, the connection with the server40 is terminated.

[0035] In the next step, step S3, the mobile station is arranged toestablish a Bluetooth connection with the Bluetooth device 24. Theconnection with the Bluetooth device 24 can take place some time afterthe first two steps are being completed. As indicated previously,Bluetooth is a standard which has been proposed to permit the directcommunication between two devices. One feature of the Bluetooth standardis that each packet is transmitted with a different frequency.

[0036] Once the Bluetooth connection has been established, in step S4the mobile station sends the key information to the Bluetooth device.This may be in response to a request from the Bluetooth device for thekey.

[0037] In step S5, the Bluetooth device will check the validity of thekey. In particular, the Bluetooth device attempts to decrypt the keysand will compare it with key information which it has stored thereon.

[0038] In step S6, if the key is valid, then the Bluetooth device 24will provide access for example to the room.

[0039] In embodiments of the present invention, it is envisaged that themobile station could be used to store more than one key. So that theBluetooth device 24 is able to receive the correct key, it is preferredthat each key has an identification tag which identifies the serviceprovider. The Bluetooth device would in its request sent to the mobilestation for the key include this information identifying the associatedservice provider. The mobile station would then only send the key(s)which have the tag associated with the given service provider. Where anumber of different keys are associated with the given service provider,the Bluetooth device could try all of the keys to see which one matches.It is of course possible in embodiments of the present invention thateach Bluetooth device has a unique identity tag so that the mobilestation only sends the key which matches that identity tag provided bythe Bluetooth device.

[0040] In alternative embodiments of the present invention, the mobilestation may provide all of the keys which it has to the Bluetooth devicewhich will then test all of them in order to determine which key is thecorrect key. This may be less preferable in those embodiments wheresecurity is of importance.

[0041] The key may have a time limit beyond which it is not valid. Forexample, a hotel room key may be only valid for the time that the userstays in the hotel. Accordingly, in some embodiments of the presentinvention, time information may form part of the key. Alternatively,there may be separate information provided relating to time information.The Bluetooth device, when determining if the key is valid or not, willcheck to see whether or not the key is still valid. The time informationmay take any suitable format such as a start time and/or an end time orany other suitable format. For this, the Bluetooth device will requireaccess to a clock. That may be part of the Bluetooth device itself orthe information may be provided by the mobile station.

[0042] In embodiments of the present invention, asymmetric encryption orsymmetric encryption may be used. With symmetric encryption, the samekey is used for encrypting as for decrypting. With asymmetricencryption, different keys are used for encryption and decryption. Forexample, public and private keys may be used. Thus, the data may beencrypted with a public key which is well known and decrypted with aprivate key which is only known to a given user. It should beappreciated that any suitable form of encryption and decryption could beused.

[0043] In order to further increase the security, a hash code can beapplied to the key data.

[0044] It should be appreciated that any suitable way of transmittingkey data securely between the server, the mobile station and theBluetooth device may be used. In many of these forms the BTS and GWwould not be needed.

[0045] In embodiments of the present invention, the mobile device hasbeen described as being a mobile station. It should be appreciated thatany suitable device can be used. For example, items such as wristwatches could be modified so as to provide the functions of theembodiments of the present invention. Indeed, dedicated devices may beprovided in order to perform the functions of embodiments of theinvention. It has been proposed to provide a credit card type devicewhich has the capability of making radio connections. Embodiments of thepresent invention may be incorporated in such devices.

[0046] In embodiments of the present invention, the mobile station hasbeen described as using the Bluetooth protocol. However, in alternativeembodiments of the present invention, different radio frequencies can beused. For example, infrared, wireless LAN and HomeRF could be usedinstead of the Bluetooth .

[0047] Embodiments of the present invention may be used in a wide rangeof situations. For example, the mobile station 8 may receive from theserver a ticket for a sporting event, theatre or cinema. The mobilestation may receive from the server a key which allows a rented car tobe driven. The mobile station may receive tickets which allow the userto travel on public transport such as aeroplanes, buses or trains.Embodiments of the present invention may be arranged to provide accessto for example ski lifts. Embodiments of the present invention areparticularly applicable to the provision of temporary access for exampleto a hotel or access to a cinema. However, embodiments of the presentinvention can be used to permit a user to obtain access to morepermanent services. For example, embodiments of the present inventioncan be arranged to allow a user to access their office or home.

[0048] The additional information will be appropriate for a particularservice. In the context of a hotel room, the additional information willtake the form of the room number. In the case of car rental, theadditional information will take the form of the registration number ofthe car and/or a reference. In the case of tickets to an event, theinformation may take the form of the seat information. The additionalinformation may also provide time information. For example, the amountof time for which a hotel room is available may be included. Inembodiments of the present invention, the same technique can be used toobtain more user time. For example, in the case of a rental car the usermay use the same technique in order to obtain a longer rental time.

[0049] In embodiments of the present invention, there is no need toconnect each of the Bluetooth devices together to a central controlelement. This is because of the provision of information relating to thetime for which the key is valid. In the case of a lock, the key used bythe lock does not have to be continually changed. For example, a hotelroom may be validly opened by a user one day but if the user has notrequested the room for an additional day, the user will not be permittedto enter that room on the next day. Thus, the need for additional infrastructure connecting the Bluetooth devices can be avoided. The validitytime for the key can be in the non-encrypted part of the key so that themobile station can remove it automatically. Also this would allow theBluetooth device to send a request to the mobile station to remove thekey. As an alternative rather than a valid time information any othervalidity information indicating the validity of a user or validity ofuse of the item being accessed can be transferred. For example a maximumspeed for a hire car during use could be stipulated.

[0050] The access key is stored in the memory 18 of the mobile station.Alternatively, the access key may be stored in an integrated part of thedevice for example on a smart card. The key information is also storedin the memory 34 of the Bluetooth device. Again, the information may bestored in any other suitable location in the Bluetooth device.

[0051] Mobile stations or devices embodying the present invention maystore any number of different keys for different purposes.

[0052] In alternative embodiments of the present invention, the mobilestation may be arranged to provide the Bluetooth device with useridentification information. This may be part of the key or separatetherefrom. This information can be used to provide additional security.For example, in the car rental situation, the user may be required toidentify himself by entering a personal identification number code toprevent misuse or crime. Additionally the key may be stored in the partof the memory which requires the user to enter their personal identitynumber (PIN). Without the PIN the mobile station will not send the key.Additionally each key can be provided with its own PIN. The user needsto know the PIN in order to use the key. The mobile station sends thekey together with the PIN (the PIN could be, for example, part of thekey for decryption). Furthermore no PIN might be required.

[0053] It is preferred that the validity time for the key be encrypted.This means that the mobile station can automatically delete those keyswhich are out of date.

[0054] The keys are preferably stored in a tamper proof memory which maybe an ASIC, smart card or the like.

[0055] In alternative embodiments of the present invention, a singleantenna may be provided in the mobile station and the key informationand the like may be provided to the mobile station using the sameantenna which is used to send the key information to the accessedentity. That single antenna may be arranged to use the Bluetoothstandard or the usual mobile station frequencies.

1. An access device comprising. means for receiving, via a wireless communication link, a key and validity information, wireless communication means for establishing a connection with another party, said wireless communication means being arranged to provide said key and said validity information to said another party, wherein if said key and said validity information are determined by the another party to be valid access is provided. 2 A device as claimed in claim 1, wherein said receiving means is arranged to receive additional information relating to the another party
 3. A device as claimed in claim 2, wherein said additional information is available to a user of said access device 4 A device as claimed in claim 3, wherein said device comprises a display and said display is arranged to display said additional information.
 5. A device as claimed in claim 3, wherein said device comprises a speaker and said speaker is arranged to provide said additional information audibly.
 6. A device as claimed in claim 1, wherein said means for receiving said key and validity information comprises a wireless communication means.
 7. A device as claimed in claim 6, wherein said wireless communication means for receiving said key and validity information operate at different frequencies to the wireless communication means for establishing a connection
 8. A device as claimed in claim 1, wherein said wireless communication means for establishing a connection uses high frequency signals of the order of giga Hertz.
 9. A device as claimed in claim 1, wherein said wireless communication means for establishing a connection uses low power signals
 10. A device as claimed in claim 1, wherein said wireless communication means for establishing a connection uses Bluetooth signals 11 A device as claimed in claim 1, wherein said wireless communication means for establishing a connection uses infra red signals. 12 A device as claimed in claim 1, wherein said device is arranged to have more than one key at the same time 13 A device as claimed in claim 1, wherein each key has an identifier associated therewith, said another party being arranged to provide identification information, said device being arranged to provide the or each key which has the identifier associated with the received identification information to said another party. 14 A device as claimed in claim 13, wherein said identifier identifies a service provider 15 A device as claimed in claim 1, wherein said device provides access to one or more of the following. hotel room, theatre; cinema, hire car; ski lift; public transport or office. 16 A device as claimed in claim 1, wherein said device comprises a memory for storing said key 17 A device as claimed in claim 1, wherein at least part of said key and/or said validity information are at least partly encrypted. 18 A device as claimed in claim 17, wherein at least part of said key is not decryptable by said device 19 A device as claimed in claim 1, wherein said device is arranged to provide to said another party information identifying the user of said device.
 20. A device as claimed in claimed in claim 1, wherein said validity information comprises time related information 21 An access system comprising a device as claimed in claim 1, in combination with said another party.
 22. A system as claimed in claim 21, wherein said another party comprises means for determining if the key and validity information received from said access device are valid 23 An access method comprising the steps of receiving, via a wireless communication link, a key and validity information; establishing a wireless connection with another party; providing said key and said time related information to said another party; and checking at said another party if said key and said time related information are valid and if so providing access 24 A method as claimed in claim 23 wherein said validity information comprises time related information 25 A device as claimed in claim 1, wherein said device is a mobile station 